Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Caetano (2016-01-19 14:31:55)
Running from D:\Users\Caetano\Desktop
Windows 10 Pro (X64) (2015-12-23 13:45:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1014537539-2695994088-2108778008-500 - Administrator - Disabled)
Caetano (S-1-5-21-1014537539-2695994088-2108778008-1000 - Administrator - Enabled) => D:\Users\Caetano
DefaultAccount (S-1-5-21-1014537539-2695994088-2108778008-503 - Limited - Disabled)
Guest (S-1-5-21-1014537539-2695994088-2108778008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1014537539-2695994088-2108778008-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
GMATPrep (HKLM-x32\...\GMATPrep 2.3.322) (Version: 2.3.322 - Graduate Management Admission Council (GMAC))
Google Chrome (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPROR_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation)
VidyoWeb - 1.1.1.00075 (HKLM-x32\...\{B6CA2BDD-D30F-4426-A5C6-767BAD8FF02F}) (Version: 1.1.1.00075 - Vidyo, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
WebCam Companion (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: - )
Windows Driver Package - Atheros Communications Inc. (athr) Net (02/12/2010 9.0.0.125) (HKLM\...\62D2521666DCF9EBEC983E0344A3DEE15CF2C6D3) (Version: 02/12/2010 9.0.0.125 - Atheros Communications Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X-Plane 10 Global - 64 Bit (HKLM-x32\...\Steam App 292180) (Version: - Laminar Research)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> D:\Users\Caetano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> D:\Users\Caetano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> D:\Users\Caetano\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0041BDAC-BBB5-4362-B2E7-BC71E3086DC8} - System32\Tasks\Adobe Acrobat Update Task => D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {03F09925-6C07-4EBC-88B1-C3C0363750EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => D:\Windows\ehome\mcupdate.exe
Task: {07EE8A23-9808-4B9E-967C-707A9D8C82FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {09B3399E-69B8-4BC8-A84A-0E7E4679658E} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {17505B6F-3541-497C-8D1A-B30F9409A544} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => D:\Windows\ehome\mcupdate.exe
Task: {18A6C544-CBD8-40D6-A57A-C0EF715D8B31} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => D:\Windows\ehome\ehPrivJob.exe
Task: {1A8CB5ED-D01A-4480-86E5-CDE4D4DFDAF3} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation)
Task: {24F52321-3131-400C-B42C-B39E33BB8CE2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => D:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2650A2A9-E032-4DAB-8998-0E45F3371AA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => D:\Windows\ehome\ehPrivJob.exe
Task: {26F3E1FD-C64E-4A97-BC37-82D0BDE4ABE9} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation)
Task: {27A9E23E-1A5C-4DC7-BB96-8F74F13EA50F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => D:\Windows\ehome\ehPrivJob.exe
Task: {2ECA202E-4B08-44FD-B287-D5F262CB63B3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {31CAB992-9BBE-4FDC-9F91-E62DFEE86EA8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => D:\Windows\ehome\ehrec.exe
Task: {32A5F204-8D4A-4C3D-B4EA-855B000D8A9D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3409C17B-F091-466D-8C4C-1D9B35FD5CAC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => D:\Windows\ehome\ehPrivJob.exe
Task: {359DA2E4-D76B-4AE8-B372-5AEEBD450926} - System32\Tasks\AdobeAAMUpdater-1.0-Caetano-PC-Caetano => D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {3632D93F-FECC-4412-8161-0E7E6DA0AC11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {40C67CA3-CE89-4873-B2FE-DE03AE12DB65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => D:\Windows\ehome\ehPrivJob.exe
Task: {443551E0-5B5D-45B3-9D23-6628C1501B79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {454E03C0-C8D2-402E-B93F-07C36E9715A8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => D:\Windows\ehome\ehPrivJob.exe
Task: {458B47A0-4ACD-498A-915E-C91690A48A6B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => D:\Windows\ehome\mcupdate.exe
Task: {5359B02C-E54D-442C-9E7C-E81A02CEF15F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => D:\Windows\ehome\MCUpdate.exe
Task: {57BA7565-F1EE-4BB2-A666-1CE884A1EA26} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {58E7A071-FE80-468D-BBB2-11FAE4E0A50D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {5C7F4257-CCDC-49DC-867E-F91BD4993B90} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => D:\Windows\ehome\ehPrivJob.exe
Task: {6BECDCC5-E5DD-4025-9A42-F236FBC7D0D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000UA => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {7D386109-4A56-473E-AE4F-A38D7B1BBDBE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7DC9330F-1CE5-40CB-94D5-27A0FED80072} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => D:\WINDOWS\system32\MRT.exe [2016-01-17] (Microsoft Corporation)
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe
Task: {87CB2D65-5224-4481-9FCC-242019E2C12F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8C1C4E8F-0903-4249-B29C-487F7E13C1E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9395EB0B-2EEF-4D54-BC29-8C5985F111F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => D:\Windows\ehome\ehPrivJob.exe
Task: {950A4493-D957-4A60-AC66-7CAEC95DB839} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0B4F51C-5690-496E-9A78-0421C7C1C1C4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {A829CCF2-11BB-4A90-B24D-3D06DF9730D1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => D:\Windows\ehome\ehPrivJob.exe
Task: {A88E1FC2-D23D-4E62-9E77-FE2243615D74} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => D:\Windows\ehome\ehPrivJob.exe
Task: {A9E65A22-56E1-4630-B9FE-21B14BD43CAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B693409A-915D-4471-988E-6694A7F7E60E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C06AB0E1-A4A8-40AC-ABEE-A526A6CF180E} - System32\Tasks\AutoPico Daily Restart => D:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {CD134041-FB81-4F46-BBD9-EFF181C7A6B1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => D:\Windows\ehome\ehPrivJob.exe
Task: {CF0B319C-0056-49D4-AA0F-F201138921CD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => D:\Windows\ehome\ehPrivJob.exe
Task: {CF1B524B-65FC-4EA1-A4BE-C294C6D57DBE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => D:\Windows\ehome\ehPrivJob.exe
Task: {D849ACF8-1395-4F2E-94F0-380C18B0ABCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000Core => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {DACD4789-69AC-4E6C-AD7A-98DEFE0087B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe
Task: {F01A67C3-4996-4937-B2C0-1066F858EA5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FEC565A8-33C7-4F41-8F7C-088FD9B11DCA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000Core.job => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000UA.job => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () D:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-23 10:18 - 2015-10-13 14:26 - 00125616 _____ () D:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-23 15:06 - 2015-12-23 15:06 - 02653816 _____ () D:\WINDOWS\system32\CoreUIComponents.dll
2015-12-23 15:06 - 2015-12-23 15:06 - 02653816 _____ () D:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () D:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-12-23 12:20 - 2015-12-23 12:24 - 00144384 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-23 17:08 - 2015-12-07 01:14 - 00093696 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-23 17:08 - 2015-12-07 01:00 - 00472064 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-23 17:08 - 2015-12-07 01:00 - 00674816 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-12 22:40 - 2016-01-04 22:29 - 07992832 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:40 - 2016-01-04 22:23 - 00591360 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 22:40 - 2016-01-04 22:24 - 02483200 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 22:39 - 2016-01-04 22:26 - 04089856 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-09 17:34 - 2015-12-09 17:34 - 00012800 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-09 17:34 - 2015-12-09 17:34 - 11542016 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 15:22 - 2015-11-20 15:24 - 00258560 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-02-22 05:16 - 2010-03-02 21:22 - 00013824 _____ () D:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2015-02-22 05:16 - 2010-03-02 21:22 - 00013312 _____ () D:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-02-23 21:32 - 2009-11-20 16:19 - 00058880 _____ () D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-23 12:20 - 2015-12-23 12:24 - 00141312 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-23 12:20 - 2015-12-23 12:24 - 21845504 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-03-30 13:34 - 2015-03-28 00:45 - 00011920 _____ () D:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-17 02:34 - 2015-03-17 02:34 - 00010240 _____ () D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb
2016-01-15 13:04 - 2016-01-12 13:35 - 01590088 _____ () D:\Users\Caetano\AppData\Local\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-15 13:04 - 2016-01-12 13:35 - 00087880 _____ () D:\Users\Caetano\AppData\Local\Google\Chrome\Application\47.0.2526.111\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: D:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: D:\WINDOWS\System32:8D142330_Cef.gbp
AlternateDataStreams: D:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\caixa.gov.br -> imagem.caixa.gov.br
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2016-01-08 15:31 - 00001023 ____N D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\Control Panel\Desktop\\Wallpaper -> D:\Users\Caetano\Pictures\Private-library.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{2AD179C4-0963-4C14-8465-664997E72D5D}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B8CD8FDD-7A3E-48BF-923F-6EB7EAB6108A}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7A9C7E8-2DC4-4AB6-89FF-47D7D26CD3A0}] => (Allow) D:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1EDFFCE0-BCCD-4AD5-9C65-FDB49CD95D13}] => (Allow) D:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8D0568CB-C53F-4974-8C48-946BC4400227}] => (Allow) D:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{AE441EC2-5A55-4F62-8152-FC9AE82D3562}] => (Allow) D:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{587D7B1B-7F93-4AFC-B811-C5DF39BDD370}] => (Allow) D:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B7BC1B36-50ED-4829-A616-DEF5F5EDBDB5}] => (Allow) D:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{7339DEF2-2794-4B21-ACB9-DAEDBC06AECB}D:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) D:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E64E31AE-6B6D-42C1-84B9-01A97A371288}D:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) D:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{78F86DD1-B1C5-4D07-9C86-5B3C450423EF}D:\users\caetano\appdata\local\popcorn time\nw.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{40D7B613-8AAD-4E69-B56C-E1189269AD96}D:\users\caetano\appdata\local\popcorn time\nw.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{522DC74B-D93B-42A2-AAAC-0BD5C20DD838}D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{A1B13C16-D69B-4593-8EA8-B835AD40D47D}D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{C3B258E4-24AE-42C4-A9FE-A8339C615B97}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B605DEE4-E3A8-4DAE-BDD3-6E3F602DF450}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED9C74A8-D57B-4FA0-A344-AFE233F1984A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{50408B47-5D60-42C4-8663-EAF681A31B6A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{07134A5A-2030-4E06-A9A9-EC05945B4776}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{29AE14AC-C06F-4EE2-885A-1D621012EA7D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1346DE78-7A24-4346-9D16-62DC100EE1A4}] => (Allow) D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40D4D65B-DB97-4938-BA89-232423C6AA5F}] => (Allow) D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{04B4749F-D93F-4626-B38E-01AA258ED464}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E08C39C0-DF9E-48B0-8CF4-C0546B670203}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{478C1408-54CA-46CB-8C27-B86798473622}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{41C9474C-1F91-4EE1-8AD5-E2FCAD458353}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5E1F2AC-E54E-4C2F-84CC-C001300EBDCA}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BEB1D42-060C-47FE-9FDB-CDC86478B44B}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7E34B56-DDDF-4773-901D-84B9739CAC9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{23E478A3-B01E-4A06-BC8B-9D68416D5C64}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{9DBD24FB-1AD5-4DCC-8DB7-527FAEE1B01B}D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{38C6A95A-9961-43BC-85EB-DF2BD2CF6AB7}D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{A0BA9A2E-C8DD-4860-B250-B9D00C24766F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{25BE1FC1-D9FB-4B62-B196-8D2014B33D11}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{3CAEFE79-699F-469E-B6F9-B091EBA7977B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{B9A64788-ACE2-4640-847F-FCC80A4073DD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{71887608-59B6-4594-B78C-A0E9E5ED1322}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{DFC2E672-6571-45A7-9DD1-F9BE7B95C4D8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{BA33D9CE-3AC6-4772-AD07-30F5266721D6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{EB81B44C-69D4-4EF0-BBFC-D8F3A790D4C4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{544FB29C-D122-40D5-9533-0B91B037F97E}] => (Allow) D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{85A614CD-CF40-4A6B-AC2B-FEA72B926475}] => (Allow) D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B7BE32C-758E-4F81-B3B5-B210A8314424}] => (Allow) D:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{919C44EA-8ABF-45DA-B156-C3A8E511E458}] => (Allow) D:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{61338B4F-AB75-4148-B7D0-B005F8626CEA}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D8632584-983D-4EBF-9D05-81BBB857D9CD}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{683626A1-9262-410B-A118-7BA59B2BF787}D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{82AA2781-E3F2-404B-A88F-6FA73C38D019}D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{60E27F8A-890D-4CF4-9065-76D4C2DBD6E5}D:\users\caetano\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\caetano\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2AA887C4-DE39-4154-9EBE-BE39A0185055}D:\users\caetano\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\caetano\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5591D6E1-7F70-4F54-B76A-7BB5234BB53C}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B535619-274B-4D07-98E6-3DBED2F56A06}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{A9CEE8F2-C5CE-44F1-BD0B-5236BFA471A8}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E3865D2D-8097-49BF-AAC6-ACEEEBB81A55}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{66CD4650-9A88-44F9-A63A-B74A2E03824C}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{BDDE50E3-DE06-4EF2-A960-07D5658265D6}] => (Allow) D:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{AF31071D-D56D-422B-A140-F029814EC839}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{05A48E50-1D59-4DFE-B3B5-2707F5222625}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C65AF969-2F83-49A8-A6C2-8491FAAE6CB9}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F9A12D6A-D6E7-4D66-B7EA-9C2650D744B2}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
==================== Restore Points =========================
17-01-2016 10:57:44 Windows Update
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2016 10:21:33 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]
Error: (01/19/2016 05:03:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2ad8
Start Time: 01d1528fa46142f0
Termination Time: 60000
Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
Report Id: ee4fae07-be82-11e5-9bed-f07bcbcfc6ca
Faulting package full name:
Faulting package-relative application ID:
Error: (01/19/2016 05:02:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 182c
Start Time: 01d1528f2f832881
Termination Time: 60000
Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
Report Id: bf87b610-be82-11e5-9bed-f07bcbcfc6ca
Faulting package full name:
Faulting package-relative application ID:
Error: (01/19/2016 04:59:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1990
Start Time: 01d1528e52747914
Termination Time: 60000
Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
Report Id: 58cce5d2-be82-11e5-9bed-f07bcbcfc6ca
Faulting package full name:
Faulting package-relative application ID:
Error: (01/18/2016 10:18:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce
Exception code: 0xc00000fd
Fault offset: 0x00000000000037a7
Faulting process id: 0x1ea8
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
Error: (01/18/2016 10:00:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (01/18/2016 09:25:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]
Error: (01/17/2016 08:37:20 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (01/17/2016 02:22:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 4.1.1944.2762, time stamp: 0x5515f674
Faulting module name: nvstreamsvc.exe, version: 4.1.1944.2762, time stamp: 0x5515f674
Exception code: 0xc0000005
Fault offset: 0x0000000000687672
Faulting process id: 0x2318
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5
Error: (01/17/2016 02:22:01 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
System errors:
=============
Error: (01/19/2016 11:16:20 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RODRIGO-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1A788F94-7CA5-420D-8DD8-9A9E8F2D5154}.
The master browser is stopping or an election is being forced.
Error: (01/19/2016 11:16:19 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 05:53:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_54926f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/19/2016 04:22:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 8 0x0 0x0
Error: (01/19/2016 04:22:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 2 0xdeaddeed 0xeeec
Error: (01/19/2016 04:22:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 1 0xc 0x4
Error: (01/18/2016 10:44:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_26102 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-01-19 04:31:45.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-19 04:31:45.535
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-19 04:19:55.399
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-15 12:26:25.073
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:54.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:54.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:53.916
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:53.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 16:15:29.047
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-13 21:31:47.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 51%
Total physical RAM: 4014.07 MB
Available physical RAM: 1966.59 MB
Total Virtual: 8110.07 MB
Available Virtual: 5665.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:259.61 GB) (Free:259.46 GB) NTFS
Drive d: (Vinicius) (Fixed) (Total:205.62 GB) (Free:47.51 GB) NTFS
Drive g: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A6D81BE1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=259.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=205.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
Ran by Caetano (2016-01-19 14:31:55)
Running from D:\Users\Caetano\Desktop
Windows 10 Pro (X64) (2015-12-23 13:45:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1014537539-2695994088-2108778008-500 - Administrator - Disabled)
Caetano (S-1-5-21-1014537539-2695994088-2108778008-1000 - Administrator - Enabled) => D:\Users\Caetano
DefaultAccount (S-1-5-21-1014537539-2695994088-2108778008-503 - Limited - Disabled)
Guest (S-1-5-21-1014537539-2695994088-2108778008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1014537539-2695994088-2108778008-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
GMATPrep (HKLM-x32\...\GMATPrep 2.3.322) (Version: 2.3.322 - Graduate Management Admission Council (GMAC))
Google Chrome (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPROR_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation)
VidyoWeb - 1.1.1.00075 (HKLM-x32\...\{B6CA2BDD-D30F-4426-A5C6-767BAD8FF02F}) (Version: 1.1.1.00075 - Vidyo, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
WebCam Companion (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: - )
Windows Driver Package - Atheros Communications Inc. (athr) Net (02/12/2010 9.0.0.125) (HKLM\...\62D2521666DCF9EBEC983E0344A3DEE15CF2C6D3) (Version: 02/12/2010 9.0.0.125 - Atheros Communications Inc.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X-Plane 10 Global - 64 Bit (HKLM-x32\...\Steam App 292180) (Version: - Laminar Research)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> D:\Users\Caetano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> D:\Users\Caetano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> D:\Users\Caetano\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0041BDAC-BBB5-4362-B2E7-BC71E3086DC8} - System32\Tasks\Adobe Acrobat Update Task => D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {03F09925-6C07-4EBC-88B1-C3C0363750EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => D:\Windows\ehome\mcupdate.exe
Task: {07EE8A23-9808-4B9E-967C-707A9D8C82FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {09B3399E-69B8-4BC8-A84A-0E7E4679658E} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {17505B6F-3541-497C-8D1A-B30F9409A544} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => D:\Windows\ehome\mcupdate.exe
Task: {18A6C544-CBD8-40D6-A57A-C0EF715D8B31} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => D:\Windows\ehome\ehPrivJob.exe
Task: {1A8CB5ED-D01A-4480-86E5-CDE4D4DFDAF3} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation)
Task: {24F52321-3131-400C-B42C-B39E33BB8CE2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => D:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2650A2A9-E032-4DAB-8998-0E45F3371AA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => D:\Windows\ehome\ehPrivJob.exe
Task: {26F3E1FD-C64E-4A97-BC37-82D0BDE4ABE9} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation)
Task: {27A9E23E-1A5C-4DC7-BB96-8F74F13EA50F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => D:\Windows\ehome\ehPrivJob.exe
Task: {2ECA202E-4B08-44FD-B287-D5F262CB63B3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {31CAB992-9BBE-4FDC-9F91-E62DFEE86EA8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => D:\Windows\ehome\ehrec.exe
Task: {32A5F204-8D4A-4C3D-B4EA-855B000D8A9D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3409C17B-F091-466D-8C4C-1D9B35FD5CAC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => D:\Windows\ehome\ehPrivJob.exe
Task: {359DA2E4-D76B-4AE8-B372-5AEEBD450926} - System32\Tasks\AdobeAAMUpdater-1.0-Caetano-PC-Caetano => D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {3632D93F-FECC-4412-8161-0E7E6DA0AC11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {40C67CA3-CE89-4873-B2FE-DE03AE12DB65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => D:\Windows\ehome\ehPrivJob.exe
Task: {443551E0-5B5D-45B3-9D23-6628C1501B79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {454E03C0-C8D2-402E-B93F-07C36E9715A8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => D:\Windows\ehome\ehPrivJob.exe
Task: {458B47A0-4ACD-498A-915E-C91690A48A6B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => D:\Windows\ehome\mcupdate.exe
Task: {5359B02C-E54D-442C-9E7C-E81A02CEF15F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => D:\Windows\ehome\MCUpdate.exe
Task: {57BA7565-F1EE-4BB2-A666-1CE884A1EA26} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {58E7A071-FE80-468D-BBB2-11FAE4E0A50D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {5C7F4257-CCDC-49DC-867E-F91BD4993B90} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => D:\Windows\ehome\ehPrivJob.exe
Task: {6BECDCC5-E5DD-4025-9A42-F236FBC7D0D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000UA => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {7D386109-4A56-473E-AE4F-A38D7B1BBDBE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7DC9330F-1CE5-40CB-94D5-27A0FED80072} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => D:\WINDOWS\system32\MRT.exe [2016-01-17] (Microsoft Corporation)
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe
Task: {87CB2D65-5224-4481-9FCC-242019E2C12F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8C1C4E8F-0903-4249-B29C-487F7E13C1E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9395EB0B-2EEF-4D54-BC29-8C5985F111F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => D:\Windows\ehome\ehPrivJob.exe
Task: {950A4493-D957-4A60-AC66-7CAEC95DB839} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0B4F51C-5690-496E-9A78-0421C7C1C1C4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => D:\Windows\ehome\mcupdate.exe
Task: {A829CCF2-11BB-4A90-B24D-3D06DF9730D1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => D:\Windows\ehome\ehPrivJob.exe
Task: {A88E1FC2-D23D-4E62-9E77-FE2243615D74} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => D:\Windows\ehome\ehPrivJob.exe
Task: {A9E65A22-56E1-4630-B9FE-21B14BD43CAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B693409A-915D-4471-988E-6694A7F7E60E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C06AB0E1-A4A8-40AC-ABEE-A526A6CF180E} - System32\Tasks\AutoPico Daily Restart => D:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {CD134041-FB81-4F46-BBD9-EFF181C7A6B1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => D:\Windows\ehome\ehPrivJob.exe
Task: {CF0B319C-0056-49D4-AA0F-F201138921CD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => D:\Windows\ehome\ehPrivJob.exe
Task: {CF1B524B-65FC-4EA1-A4BE-C294C6D57DBE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => D:\Windows\ehome\ehPrivJob.exe
Task: {D849ACF8-1395-4F2E-94F0-380C18B0ABCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000Core => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {DACD4789-69AC-4E6C-AD7A-98DEFE0087B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe
Task: {F01A67C3-4996-4937-B2C0-1066F858EA5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FEC565A8-33C7-4F41-8F7C-088FD9B11DCA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000Core.job => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000UA.job => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () D:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-23 10:18 - 2015-10-13 14:26 - 00125616 _____ () D:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-23 15:06 - 2015-12-23 15:06 - 02653816 _____ () D:\WINDOWS\system32\CoreUIComponents.dll
2015-12-23 15:06 - 2015-12-23 15:06 - 02653816 _____ () D:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () D:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-12-23 12:20 - 2015-12-23 12:24 - 00144384 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-23 17:08 - 2015-12-07 01:14 - 00093696 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-23 17:08 - 2015-12-07 01:00 - 00472064 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-23 17:08 - 2015-12-07 01:00 - 00674816 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-12 22:40 - 2016-01-04 22:29 - 07992832 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:40 - 2016-01-04 22:23 - 00591360 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 22:40 - 2016-01-04 22:24 - 02483200 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 22:39 - 2016-01-04 22:26 - 04089856 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-09 17:34 - 2015-12-09 17:34 - 00012800 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-09 17:34 - 2015-12-09 17:34 - 11542016 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 15:22 - 2015-11-20 15:24 - 00258560 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-02-22 05:16 - 2010-03-02 21:22 - 00013824 _____ () D:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2015-02-22 05:16 - 2010-03-02 21:22 - 00013312 _____ () D:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-02-23 21:32 - 2009-11-20 16:19 - 00058880 _____ () D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-23 12:20 - 2015-12-23 12:24 - 00141312 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-23 12:20 - 2015-12-23 12:24 - 21845504 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-03-30 13:34 - 2015-03-28 00:45 - 00011920 _____ () D:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-17 02:34 - 2015-03-17 02:34 - 00010240 _____ () D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb
2016-01-15 13:04 - 2016-01-12 13:35 - 01590088 _____ () D:\Users\Caetano\AppData\Local\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-15 13:04 - 2016-01-12 13:35 - 00087880 _____ () D:\Users\Caetano\AppData\Local\Google\Chrome\Application\47.0.2526.111\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: D:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: D:\WINDOWS\System32:8D142330_Cef.gbp
AlternateDataStreams: D:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\caixa.gov.br -> imagem.caixa.gov.br
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2016-01-08 15:31 - 00001023 ____N D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\Control Panel\Desktop\\Wallpaper -> D:\Users\Caetano\Pictures\Private-library.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{2AD179C4-0963-4C14-8465-664997E72D5D}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B8CD8FDD-7A3E-48BF-923F-6EB7EAB6108A}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7A9C7E8-2DC4-4AB6-89FF-47D7D26CD3A0}] => (Allow) D:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1EDFFCE0-BCCD-4AD5-9C65-FDB49CD95D13}] => (Allow) D:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8D0568CB-C53F-4974-8C48-946BC4400227}] => (Allow) D:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{AE441EC2-5A55-4F62-8152-FC9AE82D3562}] => (Allow) D:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{587D7B1B-7F93-4AFC-B811-C5DF39BDD370}] => (Allow) D:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B7BC1B36-50ED-4829-A616-DEF5F5EDBDB5}] => (Allow) D:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{7339DEF2-2794-4B21-ACB9-DAEDBC06AECB}D:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) D:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E64E31AE-6B6D-42C1-84B9-01A97A371288}D:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) D:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{78F86DD1-B1C5-4D07-9C86-5B3C450423EF}D:\users\caetano\appdata\local\popcorn time\nw.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{40D7B613-8AAD-4E69-B56C-E1189269AD96}D:\users\caetano\appdata\local\popcorn time\nw.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{522DC74B-D93B-42A2-AAAC-0BD5C20DD838}D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{A1B13C16-D69B-4593-8EA8-B835AD40D47D}D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{C3B258E4-24AE-42C4-A9FE-A8339C615B97}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B605DEE4-E3A8-4DAE-BDD3-6E3F602DF450}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED9C74A8-D57B-4FA0-A344-AFE233F1984A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{50408B47-5D60-42C4-8663-EAF681A31B6A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{07134A5A-2030-4E06-A9A9-EC05945B4776}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{29AE14AC-C06F-4EE2-885A-1D621012EA7D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1346DE78-7A24-4346-9D16-62DC100EE1A4}] => (Allow) D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40D4D65B-DB97-4938-BA89-232423C6AA5F}] => (Allow) D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{04B4749F-D93F-4626-B38E-01AA258ED464}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E08C39C0-DF9E-48B0-8CF4-C0546B670203}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{478C1408-54CA-46CB-8C27-B86798473622}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{41C9474C-1F91-4EE1-8AD5-E2FCAD458353}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5E1F2AC-E54E-4C2F-84CC-C001300EBDCA}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BEB1D42-060C-47FE-9FDB-CDC86478B44B}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7E34B56-DDDF-4773-901D-84B9739CAC9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{23E478A3-B01E-4A06-BC8B-9D68416D5C64}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{9DBD24FB-1AD5-4DCC-8DB7-527FAEE1B01B}D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{38C6A95A-9961-43BC-85EB-DF2BD2CF6AB7}D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{A0BA9A2E-C8DD-4860-B250-B9D00C24766F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{25BE1FC1-D9FB-4B62-B196-8D2014B33D11}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{3CAEFE79-699F-469E-B6F9-B091EBA7977B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{B9A64788-ACE2-4640-847F-FCC80A4073DD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{71887608-59B6-4594-B78C-A0E9E5ED1322}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{DFC2E672-6571-45A7-9DD1-F9BE7B95C4D8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{BA33D9CE-3AC6-4772-AD07-30F5266721D6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{EB81B44C-69D4-4EF0-BBFC-D8F3A790D4C4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{544FB29C-D122-40D5-9533-0B91B037F97E}] => (Allow) D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{85A614CD-CF40-4A6B-AC2B-FEA72B926475}] => (Allow) D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B7BE32C-758E-4F81-B3B5-B210A8314424}] => (Allow) D:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{919C44EA-8ABF-45DA-B156-C3A8E511E458}] => (Allow) D:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{61338B4F-AB75-4148-B7D0-B005F8626CEA}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D8632584-983D-4EBF-9D05-81BBB857D9CD}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{683626A1-9262-410B-A118-7BA59B2BF787}D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{82AA2781-E3F2-404B-A88F-6FA73C38D019}D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{60E27F8A-890D-4CF4-9065-76D4C2DBD6E5}D:\users\caetano\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\caetano\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2AA887C4-DE39-4154-9EBE-BE39A0185055}D:\users\caetano\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\caetano\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5591D6E1-7F70-4F54-B76A-7BB5234BB53C}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B535619-274B-4D07-98E6-3DBED2F56A06}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{A9CEE8F2-C5CE-44F1-BD0B-5236BFA471A8}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E3865D2D-8097-49BF-AAC6-ACEEEBB81A55}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{66CD4650-9A88-44F9-A63A-B74A2E03824C}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{BDDE50E3-DE06-4EF2-A960-07D5658265D6}] => (Allow) D:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{AF31071D-D56D-422B-A140-F029814EC839}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{05A48E50-1D59-4DFE-B3B5-2707F5222625}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C65AF969-2F83-49A8-A6C2-8491FAAE6CB9}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F9A12D6A-D6E7-4D66-B7EA-9C2650D744B2}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe
==================== Restore Points =========================
17-01-2016 10:57:44 Windows Update
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2016 10:21:33 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]
Error: (01/19/2016 05:03:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2ad8
Start Time: 01d1528fa46142f0
Termination Time: 60000
Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
Report Id: ee4fae07-be82-11e5-9bed-f07bcbcfc6ca
Faulting package full name:
Faulting package-relative application ID:
Error: (01/19/2016 05:02:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 182c
Start Time: 01d1528f2f832881
Termination Time: 60000
Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
Report Id: bf87b610-be82-11e5-9bed-f07bcbcfc6ca
Faulting package full name:
Faulting package-relative application ID:
Error: (01/19/2016 04:59:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1990
Start Time: 01d1528e52747914
Termination Time: 60000
Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe
Report Id: 58cce5d2-be82-11e5-9bed-f07bcbcfc6ca
Faulting package full name:
Faulting package-relative application ID:
Error: (01/18/2016 10:18:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce
Exception code: 0xc00000fd
Fault offset: 0x00000000000037a7
Faulting process id: 0x1ea8
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
Error: (01/18/2016 10:00:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (01/18/2016 09:25:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]
Error: (01/17/2016 08:37:20 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (01/17/2016 02:22:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 4.1.1944.2762, time stamp: 0x5515f674
Faulting module name: nvstreamsvc.exe, version: 4.1.1944.2762, time stamp: 0x5515f674
Exception code: 0xc0000005
Fault offset: 0x0000000000687672
Faulting process id: 0x2318
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5
Error: (01/17/2016 02:22:01 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
System errors:
=============
Error: (01/19/2016 11:16:20 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RODRIGO-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1A788F94-7CA5-420D-8DD8-9A9E8F2D5154}.
The master browser is stopping or an election is being forced.
Error: (01/19/2016 11:16:19 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
Error: (01/19/2016 05:53:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_54926f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/19/2016 04:22:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 8 0x0 0x0
Error: (01/19/2016 04:22:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 2 0xdeaddeed 0xeeec
Error: (01/19/2016 04:22:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 1 0xc 0x4
Error: (01/18/2016 10:44:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_26102 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-01-19 04:31:45.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-19 04:31:45.535
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-19 04:19:55.399
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-15 12:26:25.073
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:54.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:54.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:53.916
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 20:17:53.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-14 16:15:29.047
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-13 21:31:47.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 51%
Total physical RAM: 4014.07 MB
Available physical RAM: 1966.59 MB
Total Virtual: 8110.07 MB
Available Virtual: 5665.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:259.61 GB) (Free:259.46 GB) NTFS
Drive d: (Vinicius) (Fixed) (Total:205.62 GB) (Free:47.51 GB) NTFS
Drive g: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A6D81BE1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=259.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=205.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================